Uncovering NETWIRE Malware - Discovery & Deobfuscation
Published 2022-02-18
All Comments (21)
-
John, please do not ever stop doing these kinds of videos. As a student I really love them, they're super interesting, keep up the great job!
-
I love the journey John goes on in these videos. From "HOW DO THEY KNOW IT'S NETWIRE??" to "Oh here's a super unique obfuscation key that's an obvious IOC and they literally create directories named 'Netwire'"
-
I appreciate the dark mode. I watch these videos on break during my night shift. LOL Great job with the content. Your dissections make it look easy.
-
Last week I dug into a .NET assembly with a base64-encoded string in it. And thanks to John's videos I recognized the string and knew what to do with it.
-
Thank you for doing more of these! They're my favorite type of videos by you. I know you love doing CTFs because you enjoy it. Don't quit either series. Just know people love this series too
-
To be honest, I'm surprised that you haven't tried using Windows Terminal + SSH to connect to your remnux box for these deobfuscation videos... That'd be pretty slick.
-
Thank you John for using dark mode. I've been called a vampire since I was 17 :)
-
More more more! I love just learning new things. I like how you notice things that are the same. This is so cool
-
Was super excited for this vid! Great watch and more valuable info! Thx John
-
Hell yeah! Thanks John. Love your content!
-
Fantastic video! Hope you continue this series
-
31:40 I was getting worried that he wasn't going to upload the video
-
I just recently discovered CTFs and John, your content is GOLD! I am trying to transition into cybersecurity, thank you for all the work you are doing.
-
Thanks man. Love these kinds of vids
-
"dark mode for all you vampires that watch my content" 💀 am dead john 🤣🤣🤣 19:58 that gave me a good laugh and energy to finish this video 😂 soo
-
John, would you care to do a piece on firmware/UEFI malware, its persistence and how to approach deobfuscation and/or removal?
-
That was awesome. Keep it up
-
Good video, good content 👌 and always something interesting hidden 👍
-
4D 5A is the hex representation of 'MZ', the magic string at the start of a Windows executable file.
-
Can't wait.